CVE-2025-14858
Information Disclosure in Semtech LR11xx Firmware Validation via SPI
Publication date: 2026-04-07
Last updated on: 2026-04-07
Assigner: Sierra Wireless Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| semtech | lr11xx | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-226 | The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an attacker with physical access to the SPI interface to retrieve decrypted firmware contents from residual memory, effectively bypassing firmware encryption protection. This information disclosure could potentially expose sensitive firmware data.
Such unauthorized disclosure of firmware data may impact compliance with standards and regulations that require protection of sensitive information, such as GDPR and HIPAA, especially if the firmware contains personal data or security-critical code.
However, the vulnerability requires physical access to the device's SPI interface, which may limit the risk depending on the deployment environment and physical security controls.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of the device's firmware. An attacker with physical access to the SPI interface can extract decrypted firmware code, potentially exposing proprietary or sensitive information. This could facilitate reverse engineering, intellectual property theft, or further attacks on the device by understanding its firmware.
Can you explain this vulnerability to me?
The Semtech LR11xx LoRa transceivers running early firmware versions have an information disclosure vulnerability in their firmware validation process. When the device checks the validity of firmware via the SPI interface, it decrypts the firmware block-by-block. However, after validation, the last decrypted firmware block remains in memory and is not cleared. An attacker with physical access to the SPI interface can read this residual memory to retrieve decrypted firmware contents, bypassing the encryption protection.
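The CWE-226 pattern described above, as an added C example that is not Semtech's firmware or code from the advisory. The XOR placeholder cipher, the 16-byte block size, the checksum and all function names are assumptions made so the example runs; it contrasts a validator that leaves the last decrypted block in its scratch buffer with one that zeroizes the buffer before returning.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define BLOCK_SIZE 16 /* assumed block size, not taken from the advisory */

/* Scratch buffer the validator decrypts into; stands in for device memory
 * that stays readable by the host after validation finishes. */
static uint8_t scratch[BLOCK_SIZE];

/* Placeholder cipher (XOR with a fixed byte); the real algorithm is not on the page. */
static void toy_decrypt_block(const uint8_t *in, uint8_t *out) {
    for (size_t i = 0; i < BLOCK_SIZE; i++) out[i] = in[i] ^ 0x5A;
}

/* Zeroize through a volatile pointer so the stores are not optimized away. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Decrypt and checksum an image block by block.
 * clear_after = 0 reproduces the flaw; clear_after = 1 is the hardened form. */
static uint32_t validate_image(const uint8_t *img, size_t len, int clear_after) {
    uint32_t sum = 0;
    for (size_t off = 0; off + BLOCK_SIZE <= len; off += BLOCK_SIZE) {
        toy_decrypt_block(img + off, scratch);
        for (size_t i = 0; i < BLOCK_SIZE; i++) sum = sum * 31u + scratch[i];
    }
    if (clear_after) secure_zero(scratch, sizeof scratch);
    return sum;
}

/* Number of non-zero plaintext bytes still sitting in the scratch buffer. */
static size_t residual_bytes(void) {
    size_t n = 0;
    for (size_t i = 0; i < BLOCK_SIZE; i++) n += scratch[i] != 0;
    return n;
}

/* Constructed sample: a two-block "encrypted image" whose plaintext is 1..32. */
static size_t demo_residual(int clear_after) {
    uint8_t img[2 * BLOCK_SIZE];
    for (size_t i = 0; i < sizeof img; i++) img[i] = (uint8_t)((i + 1) ^ 0x5A);
    (void)validate_image(img, sizeof img, clear_after);
    return residual_bytes();
}

int main(void) {
    printf("unpatched: %zu, zeroized: %zu\n", demo_residual(0), demo_residual(1));
    return 0;
}
```

In the unpatched mode the scratch buffer still holds the plaintext of the final block after the function returns, which is the residue the description refers to.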
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires physical access to the device's SPI interface and involves the firmware validation process of Semtech LR11xx LoRa transceivers. Detection would involve checking for unauthorized access or commands issued via the SPI interface that read memory after a firmware validation command.
Since the vulnerability is related to residual decrypted firmware blocks remaining in memory after validation, detection might involve monitoring SPI interface commands for suspicious memory read operations following firmware validation commands.
However, no specific detection commands or network-based detection methods are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability requires physical access to the SPI interface, so immediate mitigation steps include restricting physical access to the device to trusted personnel only.
Additionally, updating the firmware to a version that addresses this information disclosure vulnerability would be advisable once such an update is available.
No specific mitigation commands or procedures are provided in the available information.